Average Cost To Recover From Ransomware Skyrockets To Over $84,000

It’s getting more and more expensive for victims of ransomware attacks to recover. The average cost more than doubled in the final quarter of 2019.

According to a new report from Coveware, a typical total now stands at $84,116. That’s a little over double the previous figure of $41,198.It’s not just the result of cybercriminals demanding steeper ransoms, though that’s certainly one factor. Others include hardware replacement and repair costs, lost revenues, and, in some incidents, damage to the victim’s brand.

Generally speaking, these costs all increase sharply in relation to the sophistication and duration of the attack.

There’s a new risk associated with ransomware infection that could make recovery even more expensive. Cybercriminals are no longer content to encrypt their victims’ data and demand payment for its decryption.

Now they’re downloading copies of those files and threatening to release them publicly if the ransom isn’t paid. Coveware notes that “this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.”

Cyber security experts are already tracking at least three ransomware campaigns that have made such threats: Sodinokibi, Maze, and BitPyLocker. Some victims of both Maze and Sodinokibi have had their data exposed. Experts are still unsure whether BitPyLocker is just turning up the fear factor or genuinely plans to release data if victims don’t cooperate.

But why do ransomware victims continue to pay even when law enforcement officials have repeatedly urged them not to? Because it’s a reliable way to recover critical data.Coveware states that 98% of those who paid did, in fact, receive a decryption tool. On top of that, those tools deliver on their criminal creators’ promises. Around 97% of files are successfully decrypted. Just 3% are lost.

Strong numbers, to be sure, but don’t let that be your takeaway from Coveware’s analysis. There are never any guarantees, however, even when an attacker offers to decrypt a few files as a show of good faith.